Here’s How DeFi Project Lost $320 Million Worth of Ether

Contents

  • An expensive bug
  • A prescient warning?

Wormhole, a bridge that links Solana with other popular blockchains, has been robbed of $320 million worth of wrapped Ethereum (wETH), suffering the second-biggest hack in the decentralized finance space on record.

The project quickly acknowledged the incident in a tweet.

Wormhole developers have come up with a whitehat agreement for the hacker, offering them a $10 million bounty.

As reported by U.Today, PolyNetwork, which suffered the biggest DeFi hack to date, managed to successfully return all of its stolen funds in August after weeks of negotiation with the attacker.

An expensive bug

In a recent thread, developer Kelvin Fichter explains that the attacker minted wETH on Solana and withdrew it to the Ethereum blockchain.

The hacker was able to exploit a bug in Wormhole’s verification function, using a fake system program to obfuscate the fact that the signature check had not been executed.

After fraudulently tricking the system into minting wETH on Solana, the attacker bridged it back to Ethereum.

Wormhole says that the vulnerability has now been patched.

A prescient warning?

Ethereum co-founder Vitalik Buterin recently warned about the security vulnerabilities of centralized cross-chain bridges in a lengthy Reddit post published last month, claiming that they were at great risk of a 51% attack.

Jonathon Wu, growth lead at Aztec Network, however, points to the fact that the Wormhole hack boils down to a smart contract bug, which is why Buterin’s warning might not apply in that particular case.

Source: https://u.today/heres-how-defi-project-lost-320-million-worth-of-ether